Connecting to SMTP Virtual Server from Internet


I'm going to make my SBS2003 sit in the recieving end of a SMTP store and forward chain. With my ISP using sendmail he'll collect all my mail in one place and then forward it directly to my server. Im opening port 25 in my router and pointing it at SBS2003 (1 nic no ISA) and I'm filtering IPs at the Virtual Server settings.

Before I do all this I'm testing my setup. I can use Outlook Express to send SMTP directly to the SBS inside the LAN though if I try connect from outside the LAN going via the router (using DYNDNS, and a "virtual server" port forward on port 25 on a D-Link 604 Router) it fails miserably all the time. Is there any hoops I must jump through to make this happen?

Im getting:
OE: Protokoll: SMTP, Port: 25, Secure (SSL): Nej, Socket-fel: 10053, Felnummer: 0x800CCC0F
Outlook 2003: with the "Test account"-feature I get ok on finding the server but an err on sending a testmail

Who is Participating?
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
Tell your Unix-leaning friend that if he's going to advise you that he should use facts, not his bias.  I manage both Windows SMTP servers and Unix SMTP servers, and while I don't have the hard facts, I can tell you that my Exim servers (UNIX) get attacked 100+ times a day.  My Windows Server get's maybe 2 or 3 attempts.

And I think your reasoning is right... my UNIX servers are at a NOC (EV1 Servers), and the Windows Servers are all SBS's.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
This sounds so incredibly complicated.  Why are you doing it this way?  Just because you have a Dynamic IP doesn't mean that you can't have your Exchange Server receive email directly.

Also, why are you using Outlook Express and not Outlook 2003?  Outlook Express cannot be configured with an Exchange Account.

You also would configure all of this with the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here: and a full networking overview for SBS is at

Within that wizard you'll see a "more information" button on each screen that has invaluable help in deciding which options to select.  
Be sure to check those out as well.

None of it should be done manually.

Please review for the steps necessary to configure Exchange for SMTP.

ola_erikAuthor Commented:
Hmm you're not reading my post.

I'm using OE to test if SBS2003 virtual SMTP server is functioning. And it is, inside the LAN but not from outside, which seems pretty wierd. AFAIK it should be the same thing if auth is off in the VS and it is.

So Im guessing there is some hurdle to having SBS2003 SMTP VS accepting incoming mail and that is the question.

Lol I guess I'll try rerun some wizards before I try anything else. :-)
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

ola_erikAuthor Commented:
I've done the CEICW and forwarded my router port 25 to SBS. I assume that I can use OE (or Outlook 2003 for that matter) to test the functionality of SMTP VS over Internet as I can on the LAN.

OE briefly says. "authenticating" and then gives the error msg... :-(

I guess there is quite some difference between a SMTP server and OE and OE functionality isnt an indicator of SMTP functionalty?

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You don't need to test that the SMTP server is functioning internally.  There is no benefit in doing this.  

You should instead use something like to test your SMTP availability.

You otherwise should only test your server manually with Telnet.  Follow the steps in this KB article for that:

I shouldn't even mention this on the SBS forum but if your ISP has sendmail and is willing to do store and forward then you could just ask them to do ETRN instead - gets round the dynamic DNS issue as your server opens the connection to receive the emails from the SMTP server. Thats all much more complicated than necessary though, sort of thing Linux people do.

You're not having any luck with OE/Outlook probably because the SBS SMTP server will not relay email from a non-local address, you have to be sending it to an email address that exists on the SBS server.

Back in SBS world, do as TechSoEasy says.

Ideally get a fixed IP but I've used dynDNS with SBS before without a major problems. I'd of thought it better to get your domain host to configure your DNS MX (mail exchange) primary as the SBS server and then the secondary as your ISP for a backup. Sounds like you've configured your router fine and if you've done the CEICW then it should all work without any reconfiguration.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Actually I don't know why you would be hesitant to mention that here... ETRN is easily configured on an SBS and certainly can be.  But I just find that it's not as efficient, and generally isn't used unless the SBS has a dial-up connection.

ola_erikAuthor Commented:
Hmm it seems my traffic (from home) is blocked somehow.

I port forwarded port 25 and enabled anon login on the server and had no prob telnetting from another location and sending mail thru command line (Putty to friend with ISP without any traffic blocks and telnet from there)

I still couldnt telnet to the port from home, neither to port 8025.(another p fw)..strange.

Thx for the links to the wizard info, Ive been through both them and most of the Info they point to was known to me.

I certainly hear you Jeff on the simplicity argument and Im going in that direction.

The basic issue is how safe the MS SMTP VS is and if we want it open to the world.
(I have to do IP filtered port forward on my DI-604 DLINK router, does FW-rules override port forwards and how...tadadadadaaa?) My Unix-leaning friend doesnt think we should the world see our MS SMTP VS at all since its MS and will be hacked by spammers and their like in a jiffy. Also, its a small-midsize firm and we're not there doing instant patching on the releaseday all the time etc.

Jeff, whats your experience on this. Can you shoot a few points from the hip on paranoid is it practical and relevant to be? They are on a well known ISP (scanning) but are totally off the public radar (news, politics, controversies etc).


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.